CVE-2025-12480

critical

Description

Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.

References

https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0008.md

https://www.securityweek.com/critical-watchguard-firebox-vulnerability-exploited-in-attacks/

https://www.helpnetsecurity.com/2025/11/13/cisa-directive-cve-2025-20333-cve-2025-20362/

https://thehackernews.com/2025/11/cisa-flags-critical-watchguard-fireware.html

https://securityaffairs.com/184573/security/u-s-cisa-adds-watchguard-firebox-microsoft-windows-and-gladinet-triofox-flaws-to-its-known-exploited-vulnerabilities-catalog.html

https://www.cisa.gov/news-events/alerts/2025/11/12/cisa-adds-three-known-exploited-vulnerabilities-catalog

https://www.securityweek.com/critical-triofox-vulnerability-exploited-in-the-wild/

https://www.infosecurity-magazine.com/news/hackers-exploit-critical-flaw/

https://www.helpnetsecurity.com/2025/11/11/gladinet-triofox-vulnerability-cve-2025-12480/

https://www.bleepingcomputer.com/news/security/hackers-abuse-triofox-antivirus-feature-to-deploy-remote-access-tools/

https://securityaffairs.com/184439/hacking/critical-triofox-bug-exploited-to-run-malicious-payloads-via-av-configuration.html

https://thehackernews.com/2025/11/hackers-exploiting-triofox-flaw-to.html

https://www.triofox.com/

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-12480

https://cloud.google.com/blog/topics/threat-intelligence/triofox-vulnerability-cve-2025-12480

https://access.triofox.com/releases_history/

Details

Source: Mitre, NVD

Published: 2025-11-10

Updated: 2025-11-14

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 9.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.51652

Detections

Analytics